First…
there was a big black hole (BBH). And then it got bigger. Seriously. At this point in my life I realized that more I learn more is there to learn.
Failure is success if we live to learn from it.
(Malcolm Forbes and me)
Second…
Chewing through the virtuoso documentation made me realize that using /sparql endpoint for updating graphs (i.e. inserting triples into it) is not a particularly good idea. One has to have some security, right? I said to the SPARQL user that it has the right to return error on any non-SELECT demand. I found out that there are three possibilities of securing your virtuoso endpoint:
- via SQL account and digest authentication
- via OAuth
- using WebID protocol (*sigh*)
There is good news…
Implementing digest authentication into LODRefine was easy peasy (after I found the right library that is). I used Apache HTTP Client for this:
...
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.auth.UsernamePasswordCredentials;
...
...
...
DefaultHttpClient client = new DefaultHttpClient();
client.getCredentialsProvider().setCredentials(
new AuthScope(endpoint.getHost(),endpoint.getPort()),
new UsernamePasswordCredentials(properties.get("username"), properties.get("password"))
);
client.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, AuthPolicy.DIGEST);
HttpPost httpPost = new HttpPost(endpoint.toURI()); try {
List nvps = new ArrayList ();
nvps.add(new BasicNameValuePair("query", query));
httpPost.setEntity(new UrlEncodedFormEntity(nvps));
HttpResponse response = client.execute(httpPost);
...
}
...
...
Nice and simple, if only the virtuoso endpoint you are trying to use supports this kind of authentication – if it does, it is accessible at /sparql-auth. I had to enable it on my local virtuoso instance. I also created a new user with SPARQL UPDATE rights. For more details see Virtuoso guide.
… and there is oh-not-so-good news …
In LOD2 we decided to use WebID authentication. This will definitely not be a walk in the park. You’ll have to wait for part 3 to see, whether I survived this dangerous endeavor.
Avoiding danger is no safer in the long run than outright exposure. The fearful are caught as often as the bold. Especially if they don’t run fast enough.
(Hellen Keller and me)